package org.larkdoc.auth;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

/**
 * 自定义基于URL做权限过滤器<br/>
 * 目前只支持url全量匹配：HttpServletRequest.getServletPath()
 * 
 * @author  zhangpeijun
 * @version  [v1.0.1, 2017年4月7日]
 * @see  [相关类/方法]
 * @since  [产品/模块版本]
 */
public class UrlPersAuthorizationFilter extends PermissionsAuthorizationFilter {
    
    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                   Object mappedValue) throws IOException {
        // PermissionsAuthorizationFilter 说明
        // shiro自带的 perms == PermissionsAuthorizationFilter 
        // 示例: /user/page/* = perms[create:user] 。
        // [create:user] 为  PermissionsAuthorizationFilter参数：mappedValue
        return super.isAccessAllowed(request, response, getMappedValue(request));
    }
    
    /**
     * 基于URL进行权限验证，此处使用请求url作为权限值(mappedValue)去匹配
     * @param request
     * @return [参数说明]
     * 
     * @return String[] [返回类型说明]
     * @exception throws [违例类型] [违例说明]
     * @see [类、类#方法、类#成员]
     */
    private String[] getMappedValue(ServletRequest request) {
        String[] perms = new String[1];
        HttpServletRequest req = (HttpServletRequest)request;
        String path = req.getServletPath();
        perms[0] = path;
        return perms;
    }
    
}
